I'm using VSFTP and xinetd, with the guide from the wiki. I had to change everything to nonstandard ports, because my isp blocks everything. I changed /etc/services ftp ports to 8082/8083, with 8083 as the listening port.
I can now access ftpd from inside the network (all behind a router) by using the internal ip address (192.168.1.101). However, if I enter the external ip address from inside the network it doesn't connect.
I asked about it in irc, and someone told me that i shouldn't change /etc/services, so i added port=8083 to /etc/xinetd.d/vsftpd. Same problem. BTW I have port 8082/8083 forwarded to 192.168.1.101.
Are you using PASV ftp? If so, you'll most likely have to add those to your router's rules too.
PASV is enabled by default, but I'm not using PASV unless I explicitly tell it to, right?
edit: actually, i'm looking at the manpage for lftp, i will look into this when i get home.
would i set pasv min&max ports in vsftpd.conf, or xinetd.conf?
edit: furthermore, how many ports do i need to allocate?
I'm not really sure where to set them in VSFTP. I use Pure-ftpd and I set the PASV ports in the launch command, although, there is a .conf file you can set them in also. However, that doesn't really help you with VSFTP. As for how many, that depends on how many connections you expect. On my ftp server, I have no more than 3 or 4 connections at any given time and I'm using 15 pasv ports. I've never had any problems.
If I enter the external ip address from inside the network it doesn't connect.
I'm not surprised. I wouldn't expect the router to loopback like that. Test it from outside.
Also, have you set up your router's port forwarding? Best to give your server a fixed IP outside the router's DHCP address range.
EDIT: Just yesterday my daughter's boyfriend was asking the same sort of thing, here's part of my reply...
If you have an FTP server running on a PC, these are the fundamental steps needed to allow someone on the Internet to connect:
1) The FTP Server will be "listening" for new connections on "TCP port 21" so if the PC is running a firewall, it must be configured to allow inbound unsolicited"/"new" connections on port 21. You can turn off the firewall (ZoneAlarm, WindowsXP firewall etc) if you think that is blocking this access but, please, only as a test measure.
2) With Eclipse I have a fixed IP address of 81.*.*.* so anybody on the Internet can try ftp to 81.*.*.*. If the server PC is connected via an ADSL modem then incoming traffic will pass straight to the computer - nothing more needs to be done. The modem will pass on the IP address given by the ISP (e.g. 81.*.*.*) to the PC when the PC is switched on.
If the Internet connection is an ADSL modem/router then the router needs to know which PC should get unsolicited/new FTP port 21 connections. This is known as "port forwarding" or "virtual server". Now our router's ADSL interface is set to 81.*.*.* and it's internal network interface is set to 10.0.0.2. All our PCs access the Internet via a "gateway" at 10.0.0.2 (i.e. the router). My PC is 10.0.0.16 (Jon's is 10.0.0.18, Jess's 10.0.0.17). If I told the router to forward TCP port 21 requests to 10.0.0.16 then I could run an ftp server on my PC that could be seen by people on the net.
3) There is one other "gotcha". Routers can automatically allocate IP addresses to PCs on the local net when they are switched on, if the PC gets it's IP address "automatically" or from "DHCP" then the router might allocate a different IP address when the PC is next booted so the "port forwarding" would need to be checked each time. To stop this, the PC running the server must have a fixed IP address and outside the range of ip addresses allocated by the router's DHCP server.
For instance, I can configure our router's DHCP server to hand out IP addresses in the range 10.0.0.50 to 10.0.0.254 so any PC plugged in to our cables can connect. The router will never allocate 10.0.0.16, 17 or 18 even if those PCs are switched off.
Euphoric: You might need to make a mapping,
(or DMZ, virtual server or similar) to your ftp-server..
lets say that you in your router has 4 computers, with different ips, when you connect to th e "internet ip" the router must know where to redirect the traffic, this is done with things called dmz, virtual server or mappings (depending on which brand the router is)
3com uses virtual servers ...this is done on the router itself
http://www.linuxportalen.com -> Linux Help portal for Linux and ArchLinux (in swedish)
Dell Inspiron 8500
Kernel 2.6.14-archck1 (selfcompiled)